The chief technology officer of Tier-3 has slammed AOL for security holes that researchers claim exist in the latest version of its instant messenger (IM) software.Geoff Sweeney said the vulnerability, detected by Core Security Technologies, is a security threat to companies using AOL Instant Messenger (AIM).
"The use of IM technology poses a security risk to organisations and when there is a problem with the software the risk is greatly increased,” said Geoff Sweeney, Tier-3's CTO, in a statement. “Users should immediately be moved to a version of AIM that does not contain the vulnerability."
The alleged flaw could allow an attacker to remotely execute code on an employee’s machine and exploit bugs in Internet Explorer (IE) without user interaction, according to Core Security.
It is understood that the vulnerability could also allow the injection of scripting code in IE, and cross-site request forgery and cookie manipulation using embedded HTML.
The flaw is said to affect versions AIM 6.1, AIM 6.2, AIM Pro and AIM Lite and Core Security has urged users to upgrade to the beta version of AIM 6.5 or switch back to AOL IM 5.9.